Over the last 6 months we have worked with customers to complete an
astonishing range of implementations. As part of this work, we tried to
learn something from each customer and roll those requested features,
lessons, and needed improvements into the latest version of our product.
The revision history list we put up on the web site barely scratches the
surface of the evolutionary work accomplished by our development team.

Overall we added a ton of new features, made configuration of complex
environments much easier by providing import/export of configuration
settings, added Windows DSRM support and SAP support, improved SSH speed
by 20x-50x, and further improved scalability and speed for monster-sized
enterprises, cloud providers, ISPs and MSPs. We also made major changes
to the web application to organize and display vast amounts of
per-system and per-account data. We even spruced up the web interface to
provide easier skinning. And, of course, lots of bug fixes, more targets
for propagation, reworking of dialogs per customer feedback, and
improvements in just about every area of the product.

There were a few things we were working on that did not make the final
release schedule in December, but we are working on a slipstream release
of 4.83.3 with updated documentation. We are hoping that a few of the
features we were not able to get into the December general release make
it into the slipstream release coming out in the next few weeks.

Do You Store Sensitive Data on Shared Spreadsheets?

Hint: Something New in 4.83.3 Has Shipped…

Do you store your sensitive credentials and other secrets on
spreadsheets or in Microsoft SharePoint, Lotus Notes, or other shared
file repositories? One of our customers was faced with a scenario of
having 500+ spreadsheets containing sensitive data. After an audit,
their auditors were not happy that there was no real tracking or need
for employee justification for access to sensitive spreadsheet
information. Further, spreadsheets provided no way to achieve the
disclosure of the minimal amount of information for specific purposes.
Does any of this sound familiar (i.e. too much access to information
without any justification)?

To solve this problem, version 4.83.3 of both ERPM and RPM adds a new
module (free upgrade to existing customers under support) called the
Password Spreadsheet Manager (PSM) module. This module allows you to
mass import all of your sensitive data spreadsheets (CSV files), mass
import permission rules for the sheets (CSV files), and use the existing
access, authorization, auditing, encryption, and integrations of ERPM
and RPM to control access to the data.

The outcome of using this new module is the total removal of unsecured
spreadsheets floating around, controlled and audited access to specific
rows (minimal knowledge and minimal disclosure) of data, and the
solution to a big problem. Because we are using a serious database for
our backend storage and because we don’t license by users,
administrators or secrets, you can store an unlimited amount of
information accessed by an unlimited number of users and administrators
at no extra cost if you already own RPM or ERPM.

But I already have a Secure File Vault…

You might wonder why Password Spreadsheet Manager is needed if we
already provide a secure and encrypted file vault/file store in our
product.

Simple: Once someone checks out a spreadsheet file, you really don’t
know who has seen, shared, or accessed the data, and to a degree, you
don’t know how the specific pieces of information on the spreadsheet
will be used (limited accountability). Spreadsheet files, once they are
transferred from a secure storage system, give up all their secrets in
one shot. Without any sort of Digital Rights Management (DRM) on the
file, it can be shared, printed, etc.

With spreadsheets, you also lose track of which rows of secret data were
used for which purposes. By converting public spreadsheets into
collections of encrypted rows of data where each sheet and specific row
needs to be requested/recovered/justified, you now have a system that
provides accountability and audited controls. The secrets on the
spreadsheet might be passwords, but they could just as well be PIN
codes, phone numbers, account numbers, or any other piece of sensitive
information that you need to control access to.

Solutions to simple problems are important

Although we are well known for our sophisticated technology for
privileged identity management with features like auto-discovery,
correlation and propagation, sometimes just getting rid of an
out-of-control information proliferation problem is just what the
doctor ordered.

Standalone Password Spreadsheet Manager

We will be offering the PSM module with our secure file storage system
as a standalone product in Q1 2012 at a very attractive price. We will
have more details about the standalone version in an upcoming
newsletter.

If you are an existing
Enterprise Random Password Manager (ERPM) or Random Password Manager
(RPM) customer, we STRONGLY recommend you upgrade to the new version.
There is so much more functionality and flexibility in this release.
Download the new installer package, run it, and
upgrade the website - it's that simple!

25 Worst Passwords of 2011 – A Few Head Scratchers. “Football” isn’t
just one of America’s favorite pastimes, or what many of us enjoyed
watching on Thanksgiving Day. According to a recent Forbes.com article
revealing the 25 “Worst Passwords” of 2011, “football” made the list as
#25...

Preventing ITIL Failure in Four Easy Steps. TechWeek. Twenty years on,
ITIL best practice is still widely used and implemented. Philip
Lieberman explores the pitfalls that may lead to failure and offers
ways to prevent it.

Poor security exposes voice mail to hacking, finds study. The Economic
Times. ... much of the digital technology that protects
the privacy of cellphone calls was developed in the 1980s and 1990s and
is ripe for attack.

The pros and cons of information sharing. FierceCIO. Sharing
information about data breaches with the government and fellow
corporations is the right thing to do, isn't it? There's a difference
of opinion on this one, and it is exemplified by the positions of Peter
George, president and CEO of Fidelis Security Systems, and Philip
Lieberman, president and CEO of Lieberman Software.

In-depth: Security predictions for 2012 part one. MicroScope.co.uk. To
get an insight into what is on the horizon in the security market next
year we have canvassed opinion from several companies to find out what
those in the industry think is round the corner in 2012.

One in four IT security staff abuse admin rights, survey shows.
ComputerWeekly.com. At least one in four IT security staff use
their privileged login rights to look at confidential information, a
survey has revealed. More than a quarter of the 300 IT professionals
polled in the latest annual password survey by identity management firm
Lieberman Software said they could not resist peeking at redundancy
lists, payroll information and other sensitive data including, for
example, Christmas bonus details.

Password apathy common among IT workers, survey finds. Federal Computer Week.
Many IT professionals are apathetic about changing their enterprise
passwords and lack rudimentary understanding of IT security,
particularly in the areas of password control and privileged log-ins,
according to a survey.

How Filipino phreakers turned PBX systems
into cash machines for terrorists. Ars Technica. A quartet of hackers
based in the Philippines have allegedly bilked AT&T and possibly
other telecommunications companies out of millions, which they
channeled to their own bank accounts and to accounts associated with a
terrorist organization. And apparently, AT&T helped them collect
the money.

Four rising threats from cybercriminals. CSO. Criminal hackers
never sleep, it seems. Just when you think you've battened down the
hatches and fully safeguarded yourself or your business from electronic
security risks, along comes a new exploit to keep you up at night. It
might be an SMS text message with a malevolent payload or an errant
signal designed to jam GPS receivers.

Is the Firefox 10 silent update feature a good thing? Help Net
Security. Mozilla is planning to implement silent background updates in
the upcoming version of Firefox 10, which could be very bad news on the
security front, according to Philip Lieberman, CEO of Lieberman
Software.
